report (rpt)
Description
Report
generates
an AppScan®
Source report
of the specified type, including findings reports and AppScan
Source reports.
A valid AppScan
Source for
Automation license
is required for use of this command.
Available report output formats are HTML, PDF, and zip.
Syntax
report "<report type>" <output format> <output location>
[<assessment id>] [-includeSrcBefore:<n>] [-includeSrcAfter:<n>]
[-includeTrace:<definitive|suspect|coverage>]
report type
: The name of the report, in double quotation marks, to generate. Specify one of the following:- A Findings report:
Findings by Bundle
Findings by API
Findings by Classification
Findings
DTS Activity
Findings by Type
Findings by CWE
Findings by File
- An AppScan
Source report:
CWE SANS Top 25 2011
DISA Application Security and Development STIG V4R4
OWASP Mobile Top 10
OWASP Top 10 2013
PCI Data Security Standard V3.2
Software Security Profile
- A custom report, if available.
When entering the report type, in double quotation marks, enter the exactly as specified in the above list - for example
Findings by Classification
orSoftware Security Profile
.- A Findings report:
output format
: Specify one of the following formats for this report:html
: Generates the report as HTML and displays it online.zip
: Creates a ZIP file that contains all HTML report components- For reports in PDF format, you can specify the level of detail:
pdf-summary
: Contains counts for each custom report grouppdf-detailed
: Contains counts for each API for each vulnerability propertypdf-comprehensive
: Contains tables consisting of every finding for every APIpdf-annotated
: Contains all findings, any notes included with the findings, and designated code snippetsoutput location
: The file path to write the report.
output location
: Specify the absolute path and file name to which you want to save the report.assessment id
: Optional. The assessment ID, which you obtain from thelistassess (la)
command. If you omit assessment ID, the report is generated from the most recent scan.-includeSrcBefore:<n>
: Optional. The number of lines of source code to include in a report before each finding.-includeSrcAfter:<n>
: Optional. The number of lines of source code to include in a report after each finding.-includeTrace:<definitive|suspect|coverage>
: Optional. Include trace information in the report for definitive, suspect, or scan coverage findings (see Classifications to learn about findings classifications). To include trace information for more than one findings classification, specify this option multiple times. For example, to include trace information for definitive and suspect findings, specify-includeTrace:definitive -includeTrace:suspect
.
Examples
- Request a Findings by API report written to HTML. In the
report, include trace information for definitive findings:
AllApplications>> report "Findings by API" html C:\reports\findings.html -includeTrace:definitive
- Request an OWASP Top 10 AppScan
Source report
written to PDF with comprehensive detail using existing assessment
542:
AllApplications>> report "OWASP Top 10 2013" pdf-comprehensive /reports/webgoat_OWASP_13_comp.pdf 542